Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-28464HistoryMar 31, 2023 - 4:15 p.m.
CVE-2023-28464
2023-03-3116:15:07
Debian Security Bug Tracker
security-tracker.debian.org
19
cve-2023-28464
hci_conn_cleanup
net/bluetooth/hci_conn.c
use-after-free
privilege escalation
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | linux | < 6.1.94-1 | linux_6.1.94-1_all.deb |
| Debian | 11 | all | linux | < 5.10.218-1 | linux_5.10.218-1_all.deb |
| Debian | 999 | all | linux | < 6.9.7-1 | linux_6.9.7-1_all.deb |
| Debian | 13 | all | linux | < 6.9.7-1 | linux_6.9.7-1_all.deb |
Related
cvelist
cvelist
CVE-2023-28464
2023-03-31 00:00:00
prion
prion
Double free
2023-03-31 16:15:00
cbl_mariner
cbl_mariner
CVE-2023-28464 affecting package kernel 5.10.185.1-1
2023-08-15 16:37:27
CVE-2023-28464 affecting package kernel for versions less than 5.15.122.1-2
2023-08-10 16:37:57
ubuntucve
ubuntucve
CVE-2023-28464
2023-03-31 00:00:00
CVE-2023-52830
2024-05-21 00:00:00
nvd
nvd
CVE-2023-28464
2023-03-31 16:15:07
redhatcve
redhatcve
CVE-2023-28464
2023-03-31 15:19:47
cve
cve
CVE-2023-28464
2023-03-31 16:15:07
debiancve
debiancve
CVE-2023-52830
2024-05-21 16:15:20
nessus
nessus
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0090
2023-09-08 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:1801-1)
2023-04-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2805-1)
2023-07-12 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:2646-1)
2024-03-04 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains multiple kernel vulnerabilities
2024-06-07 15:32:38
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
2024-06-26 16:06:34
osv
osv
Moderate: kernel security, bug fix, and enhancement update
2024-06-14 13:59:16
Moderate: kernel security, bug fix, and enhancement update
2024-05-22 00:00:00
Moderate: kernel-rt security and bug fix update
2024-06-14 13:59:36
rocky
rocky
kernel-rt security and bug fix update
2024-06-14 13:59:36
kernel security, bug fix, and enhancement update
2024-06-14 13:59:16
redhat
redhat
(RHSA-2024:3138) Moderate: kernel security, bug fix, and enhancement update
2024-05-22 06:35:43
(RHSA-2024:2950) Moderate: kernel-rt security and bug fix update
2024-05-22 06:35:10
(RHSA-2024:2394) Important: kernel security, bug fix, and enhancement update
2024-04-30 06:15:35
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2024-05-23 00:00:00
kernel security, bug fix, and enhancement update
2024-05-02 00:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
Related for DEBIANCVE:CVE-2023-28464